0

我创建了一个小的登录结构:

如果您已将数据写入字段,您会收到一个链接以确认帐户。例如,confirm.php?email=a@a.com 当您访问链接时,会执行以下代码:

$sql = mysqli_connect("localhost", "name", "password");
mysqli_select_db($sql, "db");
$set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."";
mysqli_query($sql, $set_active);
mysqli_close($sql);

但在那之后,活动值仍然是 0,就像默认值一样。

users 表:email (varchar 100) active (int 1) a@a.com 0

4

3 回答 3

2

使用准备好的语句:

$stmt = mysqli_prepare($sql, "UPDATE `users` SET `active` = 1 WHERE `email` = ?") or die(mysqli_error($sql));
mysqli_bind_param($stmt, "s", $_GET['email']);
mysqli_stmt_execute($stmt) or die(mysqli_error($sql));
于 2013-10-25T19:52:42.173 回答
1 
$set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = '".$_GET['email']."'";

你错过'了电子邮件。所以查询是错误的。检查这样做:

echo("UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."");

这会给你一个错误。

于 2013-10-25T19:51:05.350 回答
0

事物用双引号而不是单引号进行评估

改变 

set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."";


set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = '".$_GET['email']."'";
于 2013-10-25T19:59:24.580 回答